Bump pygithub from 1.58.2 to 2.4.0

[dependabot]

Bumps pygithub from 1.58.2 to 2.4.0.

Release notes

Sourced from pygithub's releases.

v2.4.0

New features

• Allow custom authentication @​kliem (#2987)

Improvements

• Add has_discussions to AuthenticatedUser and Repository classes @​cwlls (#3020)
• Update more SecurityAndAnalysis attributes @​squatched (#3025)
• Implement support for re-running only failed workflow jobs. @​chrisgavin (#2983)
• Add possibility to mark a thread/notification as done @​m42e (#2985)
• Add "pull_request_review_id" to PullRequestComment object @​stroebs (#3000)
• Add minimize and unminimize functions for IssueComment class @​arash77 (#3005)
• Support Organization/Repository custom properties @​jackylamhk (#2968)
• Add dict type to add_attribute script @​jackylamhk (#2977)
• Allow for deleting and restoring branch associated with PR @​austinsasko (#1784)
• Add "archived_at" to Organization object. @​billnapier (#2974)
• Adds Security & Analysis To Repository @​squatched (#2960)
• Add added_by and last_used attributes to RepositoryKey @​ramiro (#2952)
• Add make_latest to GitRelease.update_release @​treee111 (#2888)
• Make Commit.files return PaginatedList @​iarspider (#2939)

Bug Fixes

• Fix GraphQL Queries with Variables @​kgal-pan (#3002)

Maintenance

• Remove support for Python 3.7 @​EnricoMi @​khneal (#3008, #2975)
• docs: add missing code-block @​kumy (#2982)
• Update README.md @​KPCOFGS (#2961)
• CI: Fix test success job @​EnricoMi (#3010)

v2.3.0

New features

• Support oauth for enterprise @​EnricoMi (#2780)
• Support creation of Dependabot Organization and Repository Secrets @​thomascrowley (#2874)

Improvements

• Create release with optional name and message when generate_release_notes is true @​heitorpolidoro (#2868)
• Add missing attributes to WorkflowJob @​xvega (#2921)
• Add created and check_suite_id filter for Repository Workflow runs @​treee111 (#2891)
• Assert requester argument type in Auth @​EnricoMi (#2912)

Bug Fixes

• Revert having allowed values for add_to_collaborators @​jodelasur (#2905)

Maintenance

• Fix imports in authentication docs @​wurstbrot (#2923)
• CI: add docformatter to precommit @​Borda (#2614)

... (truncated)

Changelog

Sourced from pygithub's changelog.

Version 2.4.0 (August 26, 2024)

Breaking Changes ^^^^^^^^^^^^^^^^

• The github.Commit.Commit class provides a files property that used to return a list[github.File.File], which has now been changed to PaginatedList[github.File.File]. This breaks user code that assumes a list:

.. code-block:: python

files = repo.get_commit("7266e812ed2976ea36a4303edecfe5d75522343f").files
no_of_files = len(files)

This will raise a TypeError: object of type 'PaginatedList' has no len(), as the returned PaginatedList does not support the len() method. Use the totalCount property instead:

.. code-block:: python

files = repo.get_commit("7266e812ed2976ea36a4303edecfe5d75522343f").files
no_of_files = files.totalCount

• Removed support for Python 3.7.

New features ^^^^^^^^^^^^

• Allow custom authentication (#2987) (32b826fd)

Improvements ^^^^^^^^^^^^

• Add has_discussions to AuthenticatedUser and Repository classes (#3020) (75224167)
• Update more SecurityAndAnalysis attributes (#3025) (fa168279)
• Implement support for re-running only failed workflow jobs. (#2983) (23e87563)
• Add possibility to mark a thread/notification as done (#2985) (5ba24379)
• Add "pull_request_review_id" to PullRequestComment object (#3000) (6a59cf82)
• Add minimize and unminimize functions for IssueComment class (#3005) (09c4f58e)
• Support Organization/Repository custom properties (#2968) (c5e6b702)
• Add dict type to add_attribute script (#2977) (2a04f9cc)
• Allow for deleting and restoring branch associated with PR (#1784) (4ba1e412)
• Add "archived_at" to Organization object. (#2974) (cc766a6f)
• Adds Security & Analysis To Repository (#2960) (f22af54d)
• Add added_by and last_used attributes to RepositoryKey (#2952) (5dffa64d)
• Add make_latest to GitRelease.update_release (#2888) (60136105)
• Make Commit.files return PaginatedList (#2939) (fa885f00)

Bug Fixes ^^^^^^^^^

... (truncated)

Commits

• 8508735 Release v2.4.0 (#3027)
• 7522416 Add has_discussions to AuthenticatedUser and Repository classes (#3020)
• fa16827 Update more SecurityAndAnalysis attributes (#3025)
• 23e8756 Implement support for re-running only failed workflow jobs. (#2983)
• d0e0507 Complete dropping Python 3.7 (#2975)
• 32b826f Allow custom authentication (#2987)
• 5ba2437 Add possibility to mark a thread/notification as done (#2985)
• 61d37dc CI: Fix test success job (#3010)
• 38197d6 Revert "Add has_discussions field to Repository class" (#3009)
• 7213cd0 Add has_discussions field to Repository class (#2995)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dryrunsecurity]

DryRun Security Summary

The provided code changes focus on updating the PyGithub library from version 1.58.2 to 2.4.0 in the requirements.txt file, which should be carefully reviewed to ensure no breaking changes or security implications, and the dependencies in the requirements.txt file should be regularly reviewed and updated to maintain the security and stability of the application.

Expand for full summary

Summary:

The provided code changes in this pull request focus on updating the PyGithub library from version 1.58.2 to version 2.4.0 in the requirements.txt file. This is a significant version bump, and it's important to review the changes in the new version to ensure that there are no breaking changes or security implications.

From an application security perspective, the PyGithub library is used for interacting with the GitHub API, which could potentially be used for various security-related tasks, such as monitoring code repositories for vulnerabilities or automating security checks. The version update should be carefully reviewed to ensure that any security-related features or bug fixes are properly addressed. Additionally, the requirements.txt file contains a large number of dependencies, which can increase the attack surface of the application. It's important to regularly review and update these dependencies to ensure that they are up-to-date and free of known vulnerabilities.

Files Changed:

• requirements.txt: This file has been updated to include a new version of the PyGithub library, from 1.58.2 to 2.4.0. This is a significant version bump, and it's crucial to review the changes in the new version to ensure that there are no breaking changes or security implications. Additionally, the requirements.txt file contains a large number of dependencies, which should be regularly reviewed and updated to maintain the security and stability of the application.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Sensitive Files Analyzer	1 finding

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

[cneill]

@dependabot rebase

[cneill]

I've asked Dependabot to rebase this one just so it's not failing tests for irrelevant reasons, but this still isn't ready to be merged. See this comment from the prior PR about breaking changes

[mtesauro]

@dependabot recreate

[dependabot]

Superseded by #11215.